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GAU 2131 , Examiner Shin Hon Chen 
REPLY TO OFFICE ACTION 

REMARKS 

By this amendment, Claims 1-2, 5-7, 10, 13-15, 18-20, 23-25, 28-29, and 32-34 are 
amended. No claims have been added or canceled. Hence, Claims 1-36 are pending in the 
application. 

Each issue raised in the Office Action mailed March 28, 2008, is addressed hereinafter. 

I. ISSUES RELATING TO CLAIM AMENDMENTS 

The amendments to the claims as indicated herein do not add any new matter to this 
application. Support for the amendments made to the claims can be found in the at least the 
following paragraphs of the Specification: Paragraph [0012] ("Under RFC 792, IPv4 ICMP 
error packets comprise a copy of the IP header of the original packet that generated an error, and 
at least eight (8) bytes of data from the payload of the original IP packet."); Paragraph [0020] 
("Unlike prior approaches, transport layer or application-layer protocol information embedded in 
the ICMP packet is used to authenticate the packet."). 

II. ISSUES NOT RELATING TO ANY CITED PRIOR ART 

Claim 18 was rejected under 35 U.S.C. § 101 for allegedly being directed to non- 
statutory subject matter. Present Claim 18 satisfies all statutory requirements. Reconsideration 
of the claim and withdrawal of the rejection are respectfully requested. 
IE. ISSUES RELATING TO CITED PRIOR ART 

A. CLAIMS 1-28 —TALPADE in view of FAN 

Claims 1-28 are rejected under 35 U.S.C. § 103(a) as allegedly obvious over U.S. Pub 
No. 2004/0148520, by Talpade et al. ("Talpade"), in view of U.S. Patent No. 6,219,706, issued 
to Fan et al ("Fan"). Based on the following arguments, the rejections are respectfully traversed. 
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Independent Claim 1 recites: 

receiving an ICMP packet, wherein a data field within the ICMP 
packet includes a portion of a header associated with a 
connection in a connection-oriented transport protocol, and 
wherein the portion of the header includes a packet sequence 
value associated with the connection; 

obtaining the packet sequence value from the portion of the header that 
is included within the data field within the ICMP packet; 

authenticating the ICMP packet by determining if the packet 
sequence value from the portion of the header that is 
included within the data field within the ICMP packet is 
valid; and 

responding to the ICMP packet by updating a parameter value 

associated with the transport protocol connection only if the 
packet sequence value is determined to be valid. 

(Emphases added.) No combination of Talpade in view of Fan teaches at least the bold-faced 

features of Claim 1 as recited above. 

Claim 1 recites "a data field within the ICMP packet includes a portion of a header 

associated with a connection in a connection-oriented transport protocol, and wherein the portion 

of the header includes a packet sequence value associated with the connection." It is stated in 

RFC 792 that some ICMP packets, such as the ICMP recited in Claim 1, have the following 



structure: 



MAC 
Header 


IP 

Header 


ICMP 
Header 


ICMP data field 


Data includes: 


• Reproduced IP Header from the original datagram 

• Reproduced portion of TCP Header from the original 
datagram (with packet sequence number) 





Thus, the "packet sequence number" as recited in Claim 1 refers specifically to the packet 
sequence number that is "from the portion of the header that is included within the data field 
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within the ICMP packet," as recited in Claim 1. Claim 1 recites that the ICMP packet is 
authenticated "by determining if the packet sequence value from the portion of the header 
that is included within the data field within the ICMP packet is valid." As recited in Claim 
1, only if the packet sequence value is determined to be valid will a parameter value be updated. 

Talpade fails to teach or suggest "authenticating the ICMP packet by determining if the 
packet sequence value from the portion of the header that is included within the data field within 
the ICMP packet is valid," as recited in Claim 1 . To the extent that Talpade teaches determining 
the validity of values from ICMP packets, Talpade merely teaches "[t]he sensor filters analyze 
packet headers looking for field values beyond the defined range of values." (Talpade, 
Paragraph [0020].) In contrast with Claim 1, Talpade describes analyzing packet headers. 
Talpade does not teach or suggest analyzing any ICMP packet data fields, as recited in Claim 1. 
Therefore, Talpade does not teach or suggest authenticating ICMP packets by determining the 
validity of values found within ICMP data fields, as recited in Claim 1 . 

Fan does not "fill the gaps" left behind by Talpade. In contrast to Claim 1, Fan merely 
describes a firewall receiving a TCP packet, not an ICMP packet, and examining the header of 
the TCP packet for the packet sequence number. (Fan, Col. 10, lines 27-30: "It may do so by 
examining the packet header.") Fan does not describe examining a data field of a packet for any 
packet sequence number, as recited in Claim 1. Furthermore, in contrast to Claim 1, Fan teaches 
that the firewall receives a packet, and examines a payload of a packet "to determine whether it 
has a specified intrusion signature." (Fan, Col. 13, lines 31-33.) Therefore, Fan does not teach 
or suggest authenticating ICMP packets by determining the validity of a packet sequence 
value found within an ICMP packet data field, as recited in Claim 1. Because no combination 
of Talpade and Fan teaches one or more express features of Claim 1, it is respectfully submitted 
that Claim 1 is allowable over Talpade in view of Fan, and is condition for allowance. 
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Furthermore, no combination of Talpade or Fan teaches "responding to the ICMP packet 
by updating a parameter value associated with the transport protocol connection only if the 
packet sequence value is determined to be valid," as recited in Claim 1 . Fan does not teach 
ICMP packets, and therefore cannot be relied upon to teach this feature. To the extent that 
Talpade responds to any ICMP packets that are received and not filtered by the sensors, the 
system of Talpade responds to the ICMP packets only after examining analyzing packet 
headers to determine the validity of the packet, not data fields, as recited in Claim 1. As 
discussed above, Talpade does not teach analyzing any data fields. Thus, Talpade does not teach 
"responding to the ICMP packet . . . only if the packet sequence value is determined to be valid," 
as recited in Claim 1. Because no combination of Talpade and Fan teaches one or more express 
features of Claim 1, it is respectfully submitted that Claim 1 is allowable over Talpade in view of 
Fan, and is condition for allowance. 

Independent Claim 10 recites: 

receiving, at a TCP endpoint node in a TCP/IP packet-switched 
network, an ICMP packet, wherein a data field within the 
ICMP packet includes a portion of a TCP header associated 
with a TCP connection; 

obtaining a packet sequence number from the portion of the TCP 

header that is included within the data field within the ICMP 
packet; 

authenticating the ICMP packet by determining if the packet sequence 
number from the portion of the TCP header that is included 
within the data field within the ICMP packet is valid; and 

responding to the ICMP packet by updating a maximum 

transmission unit (MTU) value associated with the TCP 
connection only if the packet sequence number is 
determined to be valid. 

The Office Action states that "claim 10 ... encompass the same scope as claim 1...." Applicants 

respectfully disagree. Claim 10 recites features that are not disclosed in Claim 1. For example, 
Claim 10 recites "a TCP endpoint node," a "TCP/IP packet-switched network," and a "maximum 
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transmission unit (MTU) value." In addition to features already discussed above, no 
combination of Talpade or Fan teach or disclose "responding to the ICMP packet by updating 
a maximum transmission unit (MTU) value associated with the TCP connection only if the 
packet sequence number is determined to be valid," as recited in Claim 10. As discussed 
above, Fan does not teach ICMP packets, and therefore does not teach the claimed feature. 
Furthermore, Talpade, in addition to not teaching any "determining if the packet sequence 
number from the portion of the TCP header that is included within the data field within the 
ICMP packet is valid," as discussed above, Talpade also does not teach "updating . . . MTU . . . 
values," as recited in Claim 10. Because no combination of Talpade and Fan teaches one or 
more express features of Claim 10, it is respectfully submitted that Claim 10 is allowable over 
Talpade in view of Fan, and is condition for allowance. 

Independent Claims 18, 19, and 28 include features similar to Claim 1, except in the 
context of computer-readable media, in means-plus-function form, or as an apparatus claim. It is 
therefore respectfully submitted that Claims 18, 19, and 28 are patentable over Talpade in view 
of Fan for at least the reasons given above with respect to Claim 1 . 

Claims 29-36, 1 1-17, and 20-27 are dependent claims, each of which depends (directly 
or indirectly) on Claims 10, 18, 19, and 28. In addition, each of Claims 29-36, 11-17, and 20- 
27 introduces one or more additional features that independently render it patentable. Due to the 
fundamental differences already identified, to expedite the positive resolution of this case, a 
separate discussion of the features of Claims 29-36, 11-17, and 20-27 is not included at this 
time. The Applicant reserves the right to further point out the differences between the cited art 
and the novel features recited in the dependent claims. 

In view of the foregoing, it is respectfully asserted that the claims are now in condition 
for allowance. 
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CONCLUSION 

For the reason set forth above, all of the pending claims are in condition for allowance. 
The Examiner is respectfully requested to contact the undersigned by telephone relating to any 
issue that would advance examination of the present application. 

If any fees are due with this Reply, the Commissioner is hereby authorized to charge any 
applicable fees and/or credit any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Dated: lune 30, 2008 /RhysWCheun g#5 8648/ 

Rhys W. Cheung 
Reg. No. 58,648 

2055 Gateway Place, Suite 550 
San Jose, CA 95110 
Direct: (408) 754-1450 
Facsimile: (408)414-1076 
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